1. REAL PARTY IN INTEREST

The real party in interest is assignee Sybase, Inc. located at One Sybase Drive, 
Dublin, CA 94568. 

2. RELATED APPEALS AND INTERFERENCES 

There are no appeals or interferences known to Appellant, the Appellant's legal 
representative, or assignee which will directly affect or be directly affected by or have a 
bearing on the Board's decision in the pending appeal. 

3. STATUS OF CLAIMS 

The status of all claims in the proceeding is as follows: 
Rejected: Claims 1-22, 25-45 

Allowed or Confirmed: None 
Withdrawn: None 
Objected to: None 
Canceled: Claims 23, 24 

Identification of claims that are being appealed: Claims 1-22, 25-45 

An appendix setting forth the claims involved in the appeal is included as Section 
8 of this brief. 

4. STATUS OF AMENDMENTS 

Several prior Amendments and Requests for Reconsideration as well as an Appeal 
Brief have been filed in this case. Appellant filed a Response / Request for 
Reconsideration on February 1, 2008 in response to an initial non-final Office Action 
dated November 5, 2007. In response to the Examiner's (first) final rejection dated May 
8, 2008 finally rejecting Appellant's claims, Appellant filed a Notice of Appeal. 
Subsequently, Appellant filed an Amendment After Appeal on October 7, 2008 canceling 
claim 23 in response to the Examiner's objection to that claim. On October 10, 2008 
Appellant filed an Appeal Brief to appeal the Examiner's (first) final rejection. In 
response to Appellant's Appeal Brief, the Examiner filed an Examiner's Answer dated 
January 7, 2009 that added new ground(s) of rejection. In response, Appellant elected to 
reopen prosecution under 37 CFR Sections 41.39(b) and 1.111 and filed an Amendment /
Response dated March 9, 2009. After a telephone interview with the Examiner, 
Appellant filed a Supplemental Amendment dated April 14, 2009. Subsequently, the 
Examiner issued a (second) Final Rejection (hereinafter the "Final Rejection") of 
Appellant's claims dated August 25, 2009. Appellant filed a Request for Reconsideration 
after the Final Rejection on October 23, 2009, requesting that the Examiner reconsider 
the Final Rejection. However, in an Advisory Action mailed on November 3, 2009, the 
Examiner refused to reconsider the Final Rejection. Appellant has chosen to forego 
making other amendments to the claims after the date of the Final Rejection as it is 
believed that further amendments to the claims are not warranted in view of the art. 

5. SUMMARY OF CLAIMED SUBJECT MATTER 

Appellant asserts that the art rejections herein fail to teach or suggest all of the 
claim limitations of Appellant's claimed invention, where the claimed invention is set 
forth in the embodiment in independent claim 1: A computer-implemented method for 
specifying and enforcing entitlements for performance of financial transactions (see e.g., 
Appellant's specification, paragraph [0013], paragraphs [0043]-[0044], paragraphs 
[0055]-[0056], paragraph [0059]; also see generally, e.g., Fig. 1, Fig. 2, Fig. 3; Figs. 5A- 
B), the method comprising: in a computer system having at least a processor and memory 
(see e.g., Appellant's specification paragraphs [0032]-[0038], paragraph [0042]; also see, 
e.g., Fig. 1, Fig. 2) providing a hierarchical entitlement structure with inheritance for 
specifying entitlements for performing financial transactions (see e.g., Appellant's 
specification, paragraph [0013], paragraph [0045], paragraph [0063], paragraphs [0066]- 
[0068], paragraph [0073], paragraph [0079], paragraph [0112]; also see, e.g., Fig. 4; Fig. 
5A at 501-503), receiving user input for defining a plurality of entitlement groups of said 
hierarchical entitlement structure (see e.g., Appellant's specification, paragraph [0013], 
paragraphs [0046] -[0047], paragraph [0049], paragraph [0067], paragraph [0073], 
paragraphs [0079]-[0080], paragraph [0153]; also see, e.g., Fig. 4; Fig. 5A at 501-502), 
wherein each entitlement group has specified permissions to perform financial 
transactions, limits on performance of said financial transactions, and membership of 
each user (see e.g., Appellant's specification, paragraph [0013], paragraph [0044], 
paragraphs [0046]-[0047], paragraph [0049], paragraphs [0066]-[0068], paragraph
[0073], paragraph [0081]; also see, e.g., Fig. 4; Fig. 5A at 503), in response to a particular
user request to perform a financial transaction at runtime, identifying the particular user's 
membership in a certain entitlement group (see e.g., Appellant's specification, paragraph 
[0013], paragraphs [0046] -[0047], paragraph [0082]; also see, e.g., Fig. 5A at 504-505), 
and determining whether to allow the particular user to perform the financial transaction 
based on permissions and limits of said hierarchical entitlement structure applicable to 
the particular user's performance of the financial transaction (see e.g., Appellant's 
specification, paragraph [0013], paragraphs [0046]-[0047], paragraphs [0083]-[0085]; 
also see, e.g., Figs. 5A-B at 506-511). 

Appellant additionally asserts that the art rejections herein fail to teach or suggest 
all of the claim limitations of Appellant's claimed invention, where the claimed invention
is set forth in the embodiment in independent claim 25: A system for specifying and 
enforcing entitlements for performance of financial transactions (see e.g., Appellant's 
specification, paragraph [0013], paragraphs [0043]-[0044], paragraph [0055], paragraphs 
[0059]-[0061]; also see, e.g., Fig. 3; Figs. 5A-B), the system comprising: a computer 
having at least a processor and memory (see e.g., Appellant's specification paragraphs 
[0032]-[0038], paragraph [0042]; also see, e.g., Fig. 1, Fig. 2), a hierarchical entitlement 
structure with inheritance for specifying entitlements for performing financial 
transactions (see e.g., Appellant's specification, paragraph [0013], paragraph [0045], 
paragraph [0063], paragraphs [0066]-[0068], paragraph [0073], paragraph [0079], 
paragraph [0112]; also see, e.g., Fig. 4; Fig. 5A at 501-503), a user input module for
specifying a plurality of entitlement groups of said hierarchical entitlement structure (see 
e.g., Appellant's specification, paragraph [0013], paragraphs [0046]-[0047], paragraph 
[0049], paragraphs [0058]-[0059], paragraph [0067], paragraph [0073], paragraphs 
[0079]-[0080], paragraph [0153]; see generally, e.g., Fig. 3; also see, e.g., Fig. 4; Fig. 5A 
at 501-502), wherein each entitlement group has specified permissions to perform 
financial transactions, limits on performance of said financial transactions, and user 
membership (see e.g., Appellant's specification, paragraph [0013], paragraph [0044], 
paragraphs [0046] -[0047], paragraph [0049], paragraphs [0066] -[0068], paragraph 
[0073], paragraph [0081]; also see, e.g., Fig. 4; Fig. 5A at 503), and an enforcement
module for determining, in response to a particular user's request to perform a given
financial transaction at runtime, whether to allow the particular user to perform the 
financial transaction based on permissions and limits of said hierarchical entitlement 
structure applicable to the entitlement group of which the particular user is a member (see 
e.g., Appellant's specification, paragraph [0013], paragraphs [0046]-[0047], paragraphs 
[0059]-[0061], paragraphs [0083]-[0085]; see generally, Fig. 3; also see, e.g., Figs. 5A-B 
at 506-511). 

Appellant also asserts that the art rejections herein fail to teach or suggest all of 
the claim limitations of Appellant's claimed invention, where the claimed invention is set
forth in the embodiment in independent claim 45: A method for defining and enforcing 
permissions and limits on performance of financial transactions in a banking system (see 
e.g., Appellant's specification, paragraph [0013], paragraphs [0043] -[0044], paragraphs 
[0055]-[0056], paragraph [0059]; also see generally, e.g., Fig. 1, Fig. 2, Fig. 3; Figs. 5A- 
B), the method comprising: in a banking system (see e.g., Appellant's specification, 
paragraphs [0055]-[0056], paragraphs [0059]-[0061]; see generally, e.g., Fig. 3) 
implemented in a computer system having at least a processor and memory (see e.g., 
Appellant's specification paragraphs [0032]-[0038], paragraph [0042]; also see, e.g., Fig. 
1, Fig. 2), receiving user input defining a plurality of entitlement groups (see e.g., 
Appellant's specification, paragraph [0013], paragraphs [0046]-[0047], paragraph [0049], 
paragraph [0067], paragraph [0073], paragraphs [0079]-[0080], paragraph [0153]; also 
see, e.g., Fig. 4; Fig. 5A at 501-502), wherein each entitlement group has specified users, 
permissions to perform financial transactions and limits on performance said financial 
transactions (see e.g., Appellant's specification, paragraph [0013], paragraph [0044], 
paragraphs [0046] -[0047], paragraph [0049], paragraphs [0066] -[0068], paragraph 
[0073], paragraph [0081]; also see, e.g., Fig. 5A at 503), organizing said plurality of 
entitlement groups into hierarchical structure with inheritance specifying permissions and 
limits for performing financial transactions (see e.g., Appellant's specification, paragraph 
[0013], paragraph [0045], paragraph [0063], paragraphs [0066] -[0068], paragraph [0073], 
paragraph [0079], paragraph [0112]; also see, e.g., Fig. 4; Fig. 5A at 501-503), in 
response to a particular user request to perform a financial transaction in the banking 
system at runtime, identifying the particular user's membership in a certain entitlement
group (see e.g., Appellant's specification, paragraph [0013], paragraph [0046], paragraph
[0063], paragraphs [0066]-[0068], paragraph [0082]; also see, e.g., Fig. 5A at 504-505), 
and determining whether to allow the particular user to perform the financial transaction 
based on permissions and limits of said hierarchical entitlement structure applicable to 
the particular user's performance of the financial transaction (see e.g., Appellant's 
specification, paragraph [0013], paragraphs [0046] -[0047], paragraphs [0059]-[0061], 
paragraphs [0083]-[0085]; see generally, Fig. 3; also see, e.g., Figs. 5A-B at 506-511). 

Appellant further asserts that the art rejections herein fail to teach or suggest all of 
the claim limitations of Appellant's dependent claims 12 and 36, with claim limitations 
of defining limits applying collectively to a particular entitlement group and children 
entitlement groups of said particular entitlement group in said hierarchical entitlement 
structure (see e.g., Appellant's specification, paragraph [0047], paragraph [0049], 
paragraph [0075], paragraph [0114], paragraph [0151]; Fig. 5B at 508-509; also see 
generally, e.g., Fig. 4). 

Appellant further asserts that the art rejections herein fail to teach or suggest all of 
the claim limitations of Appellant's dependent claims 8 and 32, with claim limitations 
wherein defining a plurality of entitlement groups includes defining limits comprising a 
selected one of per-transaction limits and cumulative limits over a period of time (see 
e.g., Appellant's specification, paragraph [0047], paragraph [0075], paragraph [0114], 
paragraph [0151]; Fig. 5B at 508-509; also see generally, e.g., Fig. 4). 

Appellant further asserts that the art rejections herein fail to teach or suggest all of 
the claim limitations of Appellant's dependent claims 2 and 26, which includes claim 
limitations of a hierarchical entitlement structure in which a given entitlement group 
inherits permissions provided to its parent entitlement group in said hierarchical 
entitlement structure (see e.g., Appellant's specification, paragraph [0043], paragraph 
[0045], paragraphs [0067]-[0068], paragraph [0112]; Fig. 5A at 503; also see generally, 
e.g., Fig. 4). 

Appellant further asserts that the art rejections herein fail to teach or suggest all of 
the claim limitations of Appellant's dependent claims 3 and 27, which includes claim 
limitations of defining a plurality of entitlement groups including restricting permissions 
inherited by an entitlement group from its parent entitlement group in said hierarchical 
entitlement structure (see e.g., Appellant's specification, paragraph [0043], paragraph
[0045], paragraphs [0067]-[0068], paragraph [0112]; Fig. 5A at 503; also see generally, 
e.g., Fig. 4). 

Appellant further asserts that the art rejections herein fail to teach or suggest all of 
the claim limitations of Appellant's dependent claim 30: wherein at least some of said 
particular objects represent bank accounts (see e.g., Appellant's specification, paragraph 
[0063], paragraphs [0067]-[0068], paragraphs [0081]-[0083]). 

Appellant further asserts that the art rejections herein fail to teach or suggest all of 
the claim limitations of Appellant's dependent claim 33: wherein said permissions to 
perform financial transactions include permissions applying to a selected one of functions 
of a financial application and objects of a financial application (see e.g., Appellant's 
specification, paragraph [0070], paragraph [0076], paragraphs [0081]-[0083]). 

Appellant further asserts that the art rejections herein fail to teach or suggest all of 
the claim limitations of Appellant's dependent claims 17 and 41: wherein said 
permission information is modeled as three-tuples representing negative permissions (see 
e.g., Appellant's specification, paragraph [0045], paragraphs [0088]-[0098]). 

6. GROUNDS OF REJECTION TO BE REVIEWED 

The grounds for appeal are: 

(1st) Whether claims 1, 4-5, 7-8, 10-16, 18-22 and 25-45 are unpatentable under 
35 U.S.C. Section 103(a) as being obvious over U.S. Patent 6,1261,139 to Win 
(hereinafter "Win") in view of U.S. Published Application 2002/0029339 of Rowe 
(hereinafter "Rowe"); and 

(2nd) Whether claims 2-3, 6, 9 and 17 are unpatentable under 35 U.S.C. Section 
103(a) as obvious over Win (above) in view of Rowe (above) and further in view of U.S. 
Patent 6,202,066 to Barkley (hereinafter "Barkley"). 

7. ARGUMENT 

A. First Ground: Claims 1, 4-5, 7-8, 10-16, 18-22 and 25-45 rejected under 35 U.S.C. 
103(a) 

1. General

Under Section 103(a), a patent may not be obtained if the differences between the 
subject matter sought to be patented and the prior art are such that the subject matter as a
whole would have been obvious at the time the invention was made to a person having 
ordinary skill in the art to which the subject matter pertains. To establish a prima facie 
case of obviousness under this section, the Examiner must establish: (1) that there is 
some suggestion or motivation, either in the references themselves or in the knowledge 
generally available to one of ordinary skill in the art, to modify the reference or to 
combine reference teachings, (2) that there is a reasonable expectation of success, and (3) 
that the prior art reference (or references when combined) must teach or suggest all the 
claim limitations. (See e.g., MPEP 2142). The reference(s) cited by the Examiner fail to 
meet these conditions. 

2. Claims 1, 4-5, 7, 10-11, 13-16, 18-22 and 25-45

The Examiner has rejected Appellant's claims 1, 4-5, 7-8, 10-16, 18-22 and 25-45 
under 35 U.S.C. Section 103(a) as being obvious over U.S. Patent 6,1261,139 to Win 
(hereinafter "Win") in view of U.S. Published Application 2002/0029339 of Rowe 
(hereinafter "Rowe"). The following rejection of Appellant's claim 1 by the Examiner is
representative of the Examiner's rejection of the Appellant's claims under Section 103: 

Re claim 1: (Currently amended) Win discloses a computer-implemented method 
for specifying and enforcing entitlements for performance of financial 
transactions, the method comprising: 

- in a computer system having at least a processor and memory, providing a 
hierarchical entitlement structure with inheritance for specifying entitlements for 
performing financial transactions (column 4, lines 22-26; column 5, lines 7-8); 

- receiving user input for defining a plurality of entitlement groups of said 
hierarchical entitlement structure, wherein each entitlement group has specified 
permissions to perform financial transactions (column 15, lines 15-21; column 4, 
lines 24-26). 

Win doesn't explicitly teach the limitation comprising wherein each entitlement 
group has limits on performance of said financial transactions, and membership 
of each user. Rowe, however, makes this teaching in a related endeavor 
(paragraph 12, lines 5-13; paragraph 14). Rowe discloses as his invention a 
method and apparatus for facilitating monetary and commercial transactions and 
securely storing data. The present invention relates to methods and devices for 
permitting monetary transactions, such as the transfer of funds and the payment of 
monies, for facilitating commercial transactions such as the purchase of goods, 
and for securely storing data. It would have been obvious to one of ordinary skill 
in the art at the time of the invention to combine the teaching of Rowe with those 
of Win as discussed above for the motivation of establishing entitlement to access
the account (Rowe, abstract). 

Win further discloses: 

- in response to a particular user request to perform a financial transaction at 
runtime, identifying the particular user's membership in a certain entitlement 
group (column 5, lines 45-55); 

- determining whether to allow the particular user to perform the financial 
transaction based on permissions and limits of said hierarchical entitlement 
structure applicable to the particular user's performance of the financial 
transaction (column 4, lines 15-18); 

(Final Rejection, page 3) 

At the outset, Appellant does not claim to have invented the notion of associating 
roles with administrative privileges. Appellant acknowledges that the general teaching of 
role-based administrative privileges is known in the art and is described by Win as well 
as numerous other prior art references. However, Appellant's claimed invention serves a 
different and distinct role in that it is focused on specifying and enforcing entitlements 
(including permissions and limits) for performing financial transactions (see e.g., 
Appellant's specification, paragraph [0013]). Appellant's solution utilizes a hierarchical 
structure for specifying and enforcing entitlements for performing financial transactions 
that is particularly useful in banking and other financial applications and that distinguishes
Appellant's claimed invention from the cited prior art references in a significant number 
of respects. 

One difference between Appellant's invention and the cited prior art references is 
that Appellant's invention is focused on specifying and enforcing permissions and limits 
(i.e., entitlements) for performing financial transactions, which can be used as part of a
financial application such as a corporate banking application (see e.g., Appellant's 
specification, paragraph [0013], paragraph [0043]). The entitlements that may be defined 
and enforced using Appellant's invention include application-specific entitlements (e.g., 
performing certain functions of an application), transaction entitlements (e.g., performing 
certain transactions or operations on an object), and limits or limit entitlements such as a 
maximum dollar limit for payments or similar banking functions (see e.g., Appellant's 
specification, paragraph [0044]). These features are included as limitations of 
Appellant's claims including, for instance, the following limitations of Appellant's claim
1: 



A method implemented in a computer system for specifying and enforcing
entitlements for performance of financial transactions, the method comprising:
in a computer system having at least a processor and memory, providing a
hierarchical entitlement structure with inheritance for specifying entitlements for
performing financial transactions;

receiving user input for defining a plurality of entitlement groups of said
hierarchical entitlement structure, wherein each entitlement group has specified
permissions to perform financial transactions, limits on performance of said 
financial transactions, and membership of each user; 

(Appellant's claim 1, emphasis added) 

Here, the entitlements that may be specified and enforced with Appellant's claimed 
invention include whether a given user is allowed to perform certain financial
transactions (e.g., create wire transactions) as well as limits on the user's performance of 
permitted activities, such as setting a dollar limit for payment operations and other 
banking functions (see e.g., Appellant's specification, paragraph [0044]). 

The Examiner contends that Win's teachings of associating users with one or 
more administrative roles and associating each defined administrative role with one or 
more administrative privileges (Win, Abstract and col. 1, lines 18-24) are comparable to 
Appellant's solution for specifying and enforcing entitlements for performance of 
financial transactions (Final Rejection, paragraph 4, pages 2-3). However, Win makes 
no mention whatsoever of discussing limits for performing financial transactions.
The Examiner contends (in the Advisory Action dated November 3, 2009) that because 
one of the job functions mentioned by Win is "financial analyst" that "the user role of 
financial analyst implicitly performing a finance-related function". However, the mere 
mention of the fact that an organization may have an employee with a job title of 
"financial analyst" does not teach anything about how financial transactions may actually 
be performed or how a system for specifying and enforcing entitlements (e.g., 
permissions and limits) for performing financial transactions may actually be constructed.
As Win does not provide any discussion of financial transactions being performed, there 
is nothing to teach or remotely suggest how one might use Win's system to specify and 
enforce permissions and limits for performing financial transactions.

Additionally, Win's access control system does not include a hierarchical 
entitlement structure with inheritance comparable to that of Appellant's claimed 
invention. Appellant's solution provides a hierarchical entitlement structure with 
inheritance that includes a hierarchy of roles in which a given subordinate role inherits 
attributes from its parent (i.e., superior) role (see e.g., Appellant's specification, 
paragraph [0045]; also see e.g., Fig. 5A at 501-502). The inheritance from above is 
negative (i.e., restrictive) in nature (see e.g., Appellant's specification, paragraph [0045]; 
also see, e.g., paragraph [0112]; also see e.g., Fig. 5A at 503). The root node resides at 
the top of the inheritance hierarchy, serving as an administrator who may perform all 
functions in the system (see e.g., Appellant's specification, paragraph [0045]). As the 
entitlement hierarchy of Appellant's solution is traversed downward from the root, 
additional restrictions are applied to subordinate roles; subordinate roles cannot have 
greater permissions than their parent (see e.g., Appellant's specification, paragraph 
[0045]; see also, paragraph [0068]). By operating in this fashion, Appellant's hierarchical 
entitlements solution with inheritance provides a much more flexible solution as shown, 
for example, by the following: 

The system and methodology of the present invention allows an organization to 
define limits that are not only cumulative to a specific role but that also roll up 
through the entire role hierarchy. A business may, for example, specify that (1) 
its accounts receivable function is able to perform wire transactions, subject to 
limits of $1,000 per wire, $1,000 per day, and $20,000 per month, (2) its accounts 
payable function has the same limit, but (3) the controller function has a different 
set of limits. Suppose that, for this particular business, the accounts receivable, 
accounts payable, and controller function roll up to the CFO (chief financial 
officer) function in the organization's hierarchy, and the CFO role itself has a 
specified limit of $50,000 per day and $100,000 per month. In this circumstance, 
the present invention enables the organization to define and enforce limitations 
that the combination of functions under the CFO cannot collectively spend more 
than the limit specified for the CFO. 

(Appellant's specification, paragraph [0047]). 
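
The scheme argued above (restrictive inheritance from the root downward, plus limits that roll up through the hierarchy) can be sketched as follows. This is an added example, not code from the brief, the specification or any Sybase product. The AR/AP/CFO dollar limits come from quoted paragraph [0047]; the group names, the Controller limits, the Auditors groups, the user names and the dates are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, Iterator, List, Optional, Set, Tuple


@dataclass
class Limits:
    per_txn: Optional[int] = None    # whole dollars; None = no limit at this level
    per_day: Optional[int] = None
    per_month: Optional[int] = None


@dataclass
class Group:
    name: str
    parent: Optional["Group"] = None
    denied: Set[str] = field(default_factory=set)            # restrictions added here
    limits: Dict[str, Limits] = field(default_factory=dict)  # txn type -> limits
    usage: Dict[str, int] = field(default_factory=dict)      # window key -> dollars

    def chain(self) -> Iterator["Group"]:
        """This group, then each ancestor up to the root."""
        node: Optional[Group] = self
        while node is not None:
            yield node
            node = node.parent


class Entitlements:
    def __init__(self) -> None:
        self.groups: Dict[str, Group] = {}
        self.member_of: Dict[str, Group] = {}

    def add_group(self, name, parent=None, denied=(), limits=None) -> None:
        self.groups[name] = Group(name, self.groups[parent] if parent else None,
                                  set(denied), dict(limits or {}))

    def add_member(self, user: str, group: str) -> None:
        self.member_of[user] = self.groups[group]

    def authorize(self, user: str, txn: str, amount: int, on: date) -> Tuple[bool, str]:
        group = self.member_of.get(user)
        if group is None or amount <= 0:          # fail closed
            return False, "no entitlement group or invalid amount"
        path = list(group.chain())
        # Negative inheritance: a denial anywhere above applies to every descendant.
        for g in path:
            if txn in g.denied:
                return False, f"{txn} denied at {g.name}"
        windows = {"per_day": f"{txn}|{on.isoformat()}",
                   "per_month": f"{txn}|{on:%Y-%m}"}
        # Every level's limits must hold against that level's cumulative usage.
        for g in path:
            lim = g.limits.get(txn)
            if lim is None:
                continue
            if lim.per_txn is not None and amount > lim.per_txn:
                return False, f"per_txn limit at {g.name}"
            for attr, key in windows.items():
                cap = getattr(lim, attr)
                if cap is not None and g.usage.get(key, 0) + amount > cap:
                    return False, f"{attr} limit at {g.name}"
        # Commit only after all levels pass, so denied requests consume nothing
        # and a child's spend counts against every ancestor (the roll-up).
        for g in path:
            for key in windows.values():
                g.usage[key] = g.usage.get(key, 0) + amount
        return True, "allowed"


def build_example() -> Entitlements:
    e = Entitlements()
    e.add_group("Admin")                                        # root: no restrictions
    e.add_group("CFO", "Admin", limits={"wire": Limits(None, 50_000, 100_000)})
    ar_ap = Limits(1_000, 1_000, 20_000)                        # from paragraph [0047]
    e.add_group("AccountsReceivable", "CFO", limits={"wire": ar_ap})
    e.add_group("AccountsPayable", "CFO", limits={"wire": ar_ap})
    e.add_group("Controller", "CFO", limits={"wire": Limits(30_000, 60_000)})  # assumed
    e.add_group("Auditors", "CFO", denied={"wire"})             # assumed group
    e.add_group("JuniorAuditors", "Auditors")                   # inherits the denial
    for user, grp in [("alice", "AccountsReceivable"), ("bob", "AccountsPayable"),
                      ("carol", "Controller"), ("erin", "JuniorAuditors")]:
        e.add_member(user, grp)
    return e


def run_example() -> List[Tuple[bool, str]]:
    e, d1, d2 = build_example(), date(2009, 8, 25), date(2009, 8, 26)
    requests = [("alice", 1_500, d1), ("alice", 1_000, d1), ("alice", 1, d1),
                ("bob", 1_000, d1), ("carol", 30_000, d1), ("carol", 20_000, d1),
                ("erin", 1, d1), ("mallory", 1, d1), ("alice", 1_000, d2)]
    return [e.authorize(u, "wire", amt, day) for u, amt, day in requests]


if __name__ == "__main__":
    for decision in run_example():
        print(decision)
```

The sixth request is the collective case: carol's own Controller limits would allow it, but the combined spend of the groups under CFO would exceed the CFO daily limit, so it is refused at the CFO level.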

The hierarchical structure with inheritance for specifying and enforcing entitlements 
of Appellant's invention is specifically included in Appellant's claims. This feature is 
described, for example, in the above-quoted limitations of Appellant's claim 1. 
Win's access control system does not include a comparable hierarchical
entitlement structure with inheritance. The teachings of Win referenced by Examiner in
the Final Rejection (page 3, re: claim 1) for the corresponding teachings simply describe 
that users may have various roles as follows: 

Users are individuals who have a relationship with an organization and play 
various roles, and are registered in the system 2. Users may be members of an 
organization, or may be customers, suppliers, or business partners of the 
organization. 

(Win, column 4, lines 22-26) 

As illustrated above, Win makes no mention of any sort of hierarchical structure, 
inheritance, or entitlements for performing financial transactions. 

The Examiner also references (in the Advisory Action dated November 3, 2009) 
the following teachings of Win as corresponding to Appellant's claim limitations of a 
hierarchical entitlement structure with inheritance: 

A Role may reflect a relationship of a User to the organization (employee, 
customer, distributor, supplier), their department within an organization (sales, 
marketing, engineering) or any other affiliation or function (member of quality 
task force, hotline staff member) that defines their information needs and thus 
their access rights or privileges. 

(Win, column 5, lines 2-8) 

Again, Win simply describes conventional role-based permissions and makes no mention 
of a "hierarchical entitlement structure" or "inheritance" or of "entitlements for 
performing financial transactions". Respectfully, Win's teachings of role-based
permissions are not at all comparable to the specific limitations of Appellant's claims 
(e.g., Appellant's claim 1, quoted above). 

Furthermore, the Examiner admits that Win provides no teaching of entitlement 
groups having specified limits on the performance of financial transactions and 
membership of each user (Final Rejection, page 3, re: claim 1) as provided, for instance, 
in the following claim limitations of Appellant's claim 1:

receiving user input for defining a plurality of entitlement groups of said 
hierarchical entitlement structure, wherein each entitlement group has specified
permissions to perform financial transactions, limits on performance of said
financial transactions, and membership of each user;
in response to a particular user request to perform a financial transaction at 
runtime, identifying the particular user's membership in a certain entitlement 
group; and 

determining whether to allow the particular user to perform the financial 
transaction based on permissions and limits of said hierarchical entitlement 
structure applicable to the particular user's performance of the financial 
transaction. 

(Appellant's claim 1, emphasis added) 

The Examiner therefore turns to Rowe as providing the corresponding teachings 
admittedly not provided by Win. However, although Rowe mentions the word "limit" it 
does not include features for defining and enforcing limits on the performance of 
financial transactions comparable to Appellant's claimed invention and is distinguishable 
in a number of respects. 

Rowe describes a solution for opening a new bank or financial account with a 
financial provider electronically (Rowe, paragraph [0012], paragraphs [0028]-[0029]). 
As part of Rowe's methodology for establishing an account, a "value limit" is assigned to 
the account (Rowe, paragraph [0012]). This value limit is the maximum amount of funds 
that will be held in the account, which is typically the amount of the initial deposit into
the account (Rowe, paragraph [0040]). Thus, Rowe's value limit is a single number 
associated with a given financial account (e.g., bank account) and is not a limit that is 
tied to an entitlement group (or user role). In fact, Appellant's review of Rowe finds no 
mention of defining entitlement groups (or of roles) or the type and amount of financial 
transactions that may be performed by members of such entitlement groups. 
Additionally, Rowe makes no mention of a hierarchical entitlement structure with 
inheritance.

With Appellant's claimed invention, in contrast, users are members of entitlement 
groups of a hierarchical entitlement structure, with each group having specified 
permissions and limits for performing financial transactions. A user's membership in an 
entitlement group determines the permissions and limitations to which the user is subject. 
The entitlements that may be specified and enforced with Appellant's claimed invention 
include whether members of a given entitlement group are allowed to perform certain
financial transactions (e.g., create wire transactions) as well as dollar limits on 
performance of such transactions (see e.g., Appellant's specification, paragraph [0044]). 
Rowe's teachings are not comparable as the limitations described by Rowe are tied to 
particular accounts rather than to users or roles (i.e., members of entitlement groups). In 
particular, Rowe makes no mention of the fact that a user may belong to an entitlement 
group which gives the user certain permissions and limits to perform financial 
transactions. 

At most, the prior art references describe that an organization may be organized in 
a hierarchical structure (e.g., a corporation with a President/CEO at the top and lower 
level employees at the bottom). Appellant acknowledges that an organization such as a
corporation may be organized hierarchically; however, the manner in which employees of 
a corporation or other organization may be organized appears only marginally (if at all) 
relevant to how one might develop a computer-implemented solution to regulate the 
performance of financial transactions. Appellant's claimed invention comprises a 
computer-implemented solution including a hierarchical entitlement structure for 
specifying entitlements for performing financial transactions. 

Additionally, Appellant's solution also provides for inheritance among roles in 
this hierarchical entitlements structure. More particularly, with Appellant's solution 
subordinate roles inherit entitlements (e.g., permissions and limits) from parent roles in 
the hierarchical structure. Appellant's review of Win and Rowe finds no teaching or 
suggestion of any hierarchical entitlements structure in which users having one role
gain permissions (entitlements) from other roles through inheritance.

The Examiner argues (in the Advisory Action dated November 3, 2009) that Win 
does, in fact, disclose the "passing on" of access or entitlement privileges within an 
organization using the following example: 

Any user who is assigned the role of "Sales Manager" in the future will 
automatically have access to the "National Sales Report" resource. If the 
administrator later un-assigns "Sales Manager" from the "National Sales Report" 
resource, then all users associated with the "Sales Manager" role will 
automatically lose access to the resource. 
(Win, col. 18, lines 25-34)

Respectfully, the above does not illustrate inheritance, but rather simply is an example of
conventional role-based permissions. All users assigned the role of "Sales Manager" 
have the same permissions. When the administrator adds a user to the Sales Manager 
role, then the newly added user has the same permission to access the specified resource 
as all other users having the same role. When the administrator withdraws the privilege 
to access the resource from the role, all users associated with the Sales Manager role lose 
the privilege. However, there is no teaching of a given role inheriting permissions from 
any other role. 

The difference between Win's approach and that of Appellant can be illustrated by 
example. Suppose, for instance, a Customer Service Representative needs permission for 
performing transactions a1, a2 and a3. Furthermore, a Customer Service Manager needs 
permissions for everything a Customer Service Representative can do (i.e., a1, a2 and a3) 
plus c1. Additionally, assume a Customer Service Director needs permission for 
everything a Customer Service Manager can do (i.e., a1, a2, a3 and c1) plus d1. In Win's 
system, these permissions can be assigned one of the two ways described below.

The first approach which can be used in Win's system is to create three roles as 
follows: (i) role CSR with permissions a1, a2, a3; (ii) role CSM with permission c1; and 
(iii) role CSD with permission d1. The role CSR would then be assigned to the Customer
Service Representative. The Customer Service Manager would then be assigned two 
roles (CSR and CSM) and the Customer Service Director would be assigned all three 
roles (CSR, CSM, CSD). As illustrated, as one goes up the management chain in an 
organization, administration of this type of access control system becomes cumbersome 
due to the number of roles that need to be assigned to some users. 

The second approach which can be utilized with Win's system would be to define 
the same three roles, but assign the privileges differently as follows: (i) role CSR with 
permissions a1, a2, a3; (ii) role CSM with permissions a1, a2, a3, c1; and (iii) role CSD 
with permissions a1, a2, a3, c1, d1. However, consider what happens when a Customer
Service Representative needs permission to do a4, and therefore Customer Service 
Managers and Directors also need to do a4. This requires that all three roles be changed 
to add the permission to do a4, which is inconvenient and more difficult to administer. 

With Appellant's hierarchical entitlement structure with inheritance, in contrast,
one can define an inheritance relationship between the Customer Service Manager role 
and the Customer Service Representative role and another relationship between the 
Customer Service Director and the Customer Service Manager. Each user can still have 
one role (e.g., Customer Service Manager), yet gain permissions from other roles through 
inheritance. This makes management of permissions in a hierarchical environment such 
as a corporation easier to model and administer. 

3. Claims 12 and 36 

The above-described distinctions between the hierarchical entitlements structure 
of Appellant's invention and the role-based permissions of Win are made even more 
apparent when one considers the limitations of Appellant's dependent claims. For 
example, Appellant's dependent claim 12 includes the following limitations: 

The method of claim 1, wherein said step of defining a plurality of entitlement 
groups includes defining limits applying collectively to a particular entitlement 
group and children entitlement groups of said particular entitlement group in said 
hierarchical entitlement structure.

(Appellant's claim 12, emphasis added) 

(Claim 36 includes similar claim limitations) Consider the example previously 
described above in this document. Appellant's invention enables an organization, for 
example, to define and enforce limitations applicable to the CFO of an organization as 
well as all those in the organization that report to the CFO. In other words, the limits 
applicable to the CFO apply not only to the CFO, but also apply to the combination of 
functions under the CFO such that they cannot collectively spend more than the limit 
specified for the CFO (see e.g., Appellant's specification, paragraph [0047]). 

In this case, the Examiner references the following teachings of Win as being 
comparable to the above-claimed features of Appellant's invention: 

The Role Admin privilege may be delegated to owners of a particular resource, 
for example the technical support database. Administrators in the Technical 
Support Department would be able to control who has access to that resource by 
assigning or removing roles associated with that resource from user accounts. The 
list of roles that may be managed by an administrator with this privilege is limited 
to the roles that have been assigned to their associated Admin Role record. 

(Win, col. 16, lines 59-67) 

As illustrated above, Win makes no mention of a hierarchical entitlements structure in 
which a particular entitlement group has a child entitlement group. Additionally, Win 
makes no mention of limits, whether such limits are being applied to one or more 
entitlement groups (roles) or otherwise. In fact, as indicated on page 3 of the Final 
Rejection the Examiner acknowledges Win does not include teachings of limits on 
performance of financial transactions. Given that the Examiner admits Win does not 
teach limits on performance of financial transactions in general, it is clear that Win also 
cannot teach defining limits which apply collectively to more than one entitlement group 
as provided in the limitations of Appellant's claims 12 and 36. 

4. Claims 8 and 32

Further distinctions between Appellant's claimed invention and the Win and 
Rowe references are found in dependent claims 8 and 32. For example, Appellant's 
dependent claim 8 includes the following limitations: 

The method of claim 1, wherein said step of defining a plurality of entitlement 
groups includes defining limits comprising a selected one of per-transaction limits 
and cumulative limits over a period of time.

(Appellant's claim 8, emphasis added) 

Appellant's claimed invention enables a user or administrator to define both 
per-transaction limits and cumulative limits over a period of time for each type of activity 
being performed by users having a given role (i.e., membership in a given entitlement 
group) (see e.g., Appellant's specification, paragraph [0151]; see also paragraph [0047]).
For example, limits for each role (including those which are inherited) may be established 
per-transaction as well as per day, per week and/or per month for each type of activity 
being performed by the user. In this manner Appellant's invention enables one to define 
a "mass market consumer" role which has permission to pay bills up to a maximum 
amount of $500 per bill, with a maximum cumulative limitation of $2,000 per week. 
Another "affluent consumer" role can be defined which permits a user having such role to 
pay bills up to $1,000 per bill, up to $5,000 per week and may perform external transfers 
of up to $10,000 per month.

Respectfully, the above teachings of Rowe simply describe a fixed "maximum 
funds value" or "value limit" assigned by an account provider to a given financial 
account. In contrast to Rowe's teachings of single values associated with a given 
financial account, Appellant's claimed invention provides for per-transaction and 
cumulative limits which are applicable to particular users or roles. More generally (and 
as previously discussed) the values described by Rowe are tied to accounts and not roles 
and thus are individual to a particular customer account, having no relevance to other 
limits. Therefore, the referenced teachings are not remotely comparable to the 
above-described features of Appellant's claimed invention.
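
The limits discussed for claims 12 and 36 (a limit shared by a group and its child groups) and for claims 8 and 32 (per-transaction and cumulative limits per role) can be sketched as follows. This is an added illustration, not code from the brief or from Appellant's specification; the rolling-window period, the child groups `treasury` and `payables`, and the CFO's $10,000 figure are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Limit:
    per_txn: Optional[int] = None      # ceiling for a single transaction
    cumulative: Optional[int] = None   # ceiling for the total inside the window
    period_days: int = 7               # rolling window length (assumption)
    collective: bool = False           # True: one shared total for the group
                                       # and all of its child groups


@dataclass
class Group:
    name: str
    parent: Optional["Group"] = None
    limits: dict = field(default_factory=dict)   # activity -> Limit
    ledger: list = field(default_factory=list)   # (day, user, activity, amount)


def lineage(group):
    """Yield the group, then each ancestor up to the root."""
    while group is not None:
        yield group
        group = group.parent


def used(group, limit, activity, user, today):
    """Total already booked at `group` inside the window ending today."""
    start = today - limit.period_days
    return sum(
        amount
        for day, who, act, amount in group.ledger
        if act == activity and start < day <= today
        and (limit.collective or who == user)
    )


def authorize(group, user, activity, amount, today):
    """Check every limit from the user's group up to the root, then book."""
    if amount <= 0:
        return False, "amount must be positive"
    for g in lineage(group):
        limit = g.limits.get(activity)
        if limit is None:
            continue
        if limit.per_txn is not None and amount > limit.per_txn:
            return False, f"{g.name}: per-transaction limit"
        if limit.cumulative is not None:
            if used(g, limit, activity, user, today) + amount > limit.cumulative:
                return False, f"{g.name}: cumulative limit"
    # Booked only after every check passed, so a denial leaves no partial
    # state. A real service must make check-and-book one atomic step, or two
    # concurrent requests can both pass the check.
    for g in lineage(group):
        g.ledger.append((today, user, activity, amount))
    return True, "ok"


def build_tree():
    """Sample hierarchy; the consumer figures are the ones quoted in the brief."""
    root = Group("root")
    mass = Group("mass_market_consumer", root,
                 {"pay_bill": Limit(per_txn=500, cumulative=2000, period_days=7)})
    # Constructed figure: the CFO subtree may wire 10,000 in total per 30 days.
    cfo = Group("cfo", root,
                {"wire": Limit(cumulative=10000, period_days=30, collective=True)})
    treasury = Group("treasury", cfo)   # constructed child groups
    payables = Group("payables", cfo)
    return {g.name: g for g in (root, mass, cfo, treasury, payables)}


if __name__ == "__main__":
    t = build_tree()
    print(authorize(t["treasury"], "carol", "wire", 6000, 1))
    print(authorize(t["payables"], "dave", "wire", 5000, 2))
```

Because every booking is recorded at each ancestor, the `cfo` ledger sees spending by both child groups, which is what makes the second request fail even though `payables` has no limit of its own.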

5. Claims 26, 27, 30, 33 and 41 

In the Final Rejection, the Examiner acknowledges (see e.g., at page 7 in the 
discussion of claims 2 and 3) that Win and Rowe do not include teachings of a
hierarchical entitlement structure with inheritance in which permissions are inherited 
from above. Thus, as the Examiner acknowledges that Win and Rowe do not include 
these teachings, Appellant's claims 26 and 27 including these claim limitations are clearly 
distinguishable from the cited prior art. 

Similarly, as to claim 30, the Examiner admits (see e.g., at page 7 in the 
discussion of claim 6) that Win and Rowe do not include teachings of the limitation 
"wherein at least some of said particular objects represent bank accounts". Accordingly, 
Claim 30 that includes similar claim limitations is admittedly allowable over Win and 
Rowe. 

Claim 33 includes claim limitations of defining permissions applicable to a 
selected one of functions of a financial application and objects of a financial application. 
The Examiner acknowledges that Win and Rowe do not provide this teaching (Final 
Rejection, page 8, re: claim 9). 

Claim 41 includes claim limitations of modeling the permission information as 
three tuples. The Examiner admits that Win and Rowe do not provide comparable 
teachings (Final Rejection, page 8, re: claim 9). 

6. Conclusion 

All told, Win and Rowe, even when combined, do not provide a solution which 
enables one to define and enforce permissions and limits for performing financial 
transactions. In addition, neither reference includes teachings of a solution providing a 
hierarchical entitlement structure with inheritance in which a particular role inherits 
entitlements from another role. In addition, without teaching the hierarchical entitlement 
structure, the combined references cannot include any teaching of defining both per 
transaction limits and cumulative limits over a period of time for each type of activity 
being performed for entitlement groups of the hierarchical entitlement structure. 
Therefore, as the Win and Rowe references, even when combined, do not teach or 
suggest all of the claim limitations of Appellant's claims, it is respectfully submitted that 
claims 1, 4-5, 7-8, 10-16, 18-22 and 25-45 (as well as other claims) distinguish over the 
combined references and the rejection under Section 103 should not be sustained. 

B. Second Ground: Claims 2-3, 6, 9 and 17 rejected under 35 U.S.C. 103(a) 

1. Claims 2-3, 6, 9 and 17 

Claims 2-3, 6, 9 and 17 stand rejected under 35 U.S.C. 103(a) as being 
unpatentable over Win (above) in view of Rowe (above) and further in view of U.S. 
Patent 6,202,066 to Barkley (hereinafter "Barkley"). As to these claims, the Examiner 
continues to rely on Win and Rowe, but acknowledges that they do not teach certain 
limitations of these dependent claims as discussed below in more detail. The Examiner 
therefore adds Barkley as providing teachings corresponding to the limitations of these 
dependent claims. 

Appellant's claims are believed to be allowable for at least the reasons cited above 
(as to the first Section 103 rejection) pertaining to the deficiencies of Win and Rowe as to 
Appellant's invention. As these claims are dependent upon, and incorporate the 
limitations of Appellant's independent claims, they are distinguishable for the reasons 
previously described in detail in Appellant's First Ground of Appeal (incorporated by 
reference herein). As Barkley does not provide any teaching of a hierarchical entitlement 
structure with inheritance for specifying entitlements for performing financial 
transactions, it does not cure the deficiencies of these references as to Appellant's 
invention. Appellant also believes that these dependent claims are distinguishable for the 
following additional reasons. 

2. Claims 2-3, 6 and 9

As previously discussed, Appellant's solution provides a hierarchical entitlements 
structure with inheritance enabling one role to inherit permissions from another role. 
More particularly, Appellant's claimed invention provides for a hierarchy of roles in 
which roles are inherited from above (see e.g., Appellant's specification, paragraph 
[0045]; see also, e.g., Fig. 5A at 501-503). Significantly, Appellant's approach is to
structure such inheritance negatively so as to apply restrictions as one goes down in the 
hierarchical entitlements structure (see e.g., Appellant's specification, paragraph [0045]). 
With Appellant's solution the root node residing at the top of the inheritance structure, for 
example, has all permissions and may perform all functions in the system (Appellant's 
specification, paragraph [0045]). As the hierarchy is traversed downward, additional 
restrictions are applied (Appellant's specification, paragraph [0045]). This approach of 
restricting inherited permissions is included, for instance, as limitations of Appellant's 
dependent claim 3 as follows: 

The method of claim 2, wherein said step of defining a plurality of entitlement 
groups includes restricting permissions inherited by an entitlement group from its 
parent entitlement group in said hierarchical entitlement structure.

(Appellant's claim 3, emphasis added) 

Thus, Appellant's solution provides for top-down inheritance in which an 
entitlement group inherits permissions from its parent, but typically subject to restrictions 
on such permissions. Although Barkley discusses that one role may inherit from another 
role, Barkley takes a bottom-up, rather than a top-down, approach to inheritance. As
described at column 9, lines 48-51 of Barkley, a "manager" role has its own permissions 
and also inherits those permissions of its "subordinates" (Barkley, column 9, lines 48-51). 
Thus, Barkley describes expanding permissions through inheritance rather than restricting 
them. Another example of Barkley's bottom-up approach to inheritance is described at 
column 12, lines 19-26 which describes a financial advisor role inheriting privileges from 
an account rep role, such that the financial advisor has the permissions necessary to 
function as an account rep (Barkley, column 12, lines 19-26). There is nothing in 
Barkley to teach or suggest that the lower account rep role includes all the privileges of 
the higher financial role with limitations. Thus, Barkley in fact teaches away from 
Appellant's top-down inheritance approach. Additionally, the Examiner also references
column 11, lines 39-43 and column 13, lines 14-15 of Barkley as including teachings of 
restricting permissions inherited from a parent group of Appellant's claim 3. However, 
Appellant's review of the referenced teachings finds that while they discuss various roles 
having different object access privileges (e.g., to read, write or delete certain objects) 
they do not include teachings of restricting permissions inherited from its parent in a 
hierarchical entitlement structure. Given Barkley's bottom-up approach to inheritance, 
this is not surprising. Additional restrictions would not typically be applied to managers, 
for example, on privileges that they inherit from lower level subordinates. 

The Examiner argues that Barkley's approach is a "top-down" approach simply 
because Barkley's solution provides for roles occupying a higher structure in the 
organization (e.g., branch manager) to have greater access privileges compared to roles at 
lower levels in the organization, such as employees (Advisory Action dated November 3,
2009). The Examiner appears to again rely on the fact that an organization may be 
organized hierarchically with senior level employees at the top and lower at the bottom as 
providing the "hierarchical, top down" structure corresponding to Appellant's claim 
limitations. However, the "hierarchical structure" referenced in Appellant's specification 
and claims is not a corporation or organization. Instead, the hierarchical structure of 
Appellant's claimed invention is a manner of structuring entitlements (e.g., permissions 
and limits) in a tree form in which the root (all permissions) is at the top, child nodes 
inherit permissions from parent nodes above, and the permissions inherited by a child 
from its parent are restricted as one traverses down the entitlement tree structure. In 
contrast, when one looks at the actual teachings of Barkley regarding inheritance, it is 
clear that with Barkley's solution managers (i.e., the parent role) inherit permissions held
by subordinate employees (children). As shown at Fig. 5 of Barkley, and described at 
col. 13, lines 41-49, the "financial advisor" role inherits read permissions from 
"employee" and "account rep" roles as follows: 

The Read permission for the files within the accounts directory is granted as a 
result of the fact that financial_advisor inherits account_rep, which has Read 
permission as a result of the definition of the accounts OAT. Also, 
financial_advisor has Read permission on the file empl_info as a result of the fact
that financial_advisor inherits employee and employee has Read permission for 
all files associated with the employee_read OAT, as is the case for the file 
empl_info 

(Barkley, column 13, lines 41-49) 

Barkley also states that while the financial_advisor role inherits permissions
from the account_rep role, the financial_advisor role may also have additional 
permissions (Barkley, column 10, lines 50-55). Thus, rather than restrict the inherited 
permissions, Barkley expands the permissions of higher-level roles by having them 
inherit from lower-level roles. Respectfully, it is clear from this discussion, as well as 
review of the balance of the reference, that Barkley describes bottom-up, not top-down 
inheritance.

3. Claim 17 

The Examiner also references Barkley for teachings comparable to Appellant's 
claim 17, which includes claim limitations providing that permissions are represented as 
three tuples representing negative permissions. Although Barkley does discuss modeling 
permissions as three tuples, it does not represent permissions negatively. For instance,
Barkley describes permissions as follows: 

User: Any person who interacts directly with a computer system, or a computer 
process which may or may not represent a person. 

A permission can thus be described as authorization to perform an operation on an 
object, while an access control policy which uses roles or groups defines an 
association between a role or group and the permissions for that role or group. 
This association can be represented as a 3-tuple: 

(role or group; object; {permitted operations on object}) 

That is, a user assigned to role (or a member of group) is authorized to perform 
operation on object only if operation is a member of the set of permitted 
operations.

(Barkley, col. 6, lines 56-65, emphasis added) 

Significantly, the above illustrates that Barkley uses the conventional approach to 
permissions in providing that privileges are represented affirmatively in that a set of 
permitted operations is associated with each role. This is not Appellant's approach. 

Appellant's solution represents negative permissions (restricted entitlements) as 
illustrated by the following example:

In the currently preferred embodiment of the present invention entitlements are 
modeled as three-tuples which represent negative permissions (restricted 
entitlements). The format of the tuples is: (operation, obj_type, obj_id). 
Wildcarding is allowed in each of the positions resulting in the following possible 
combinations of entitlement information: 

(1) (*, *, *) - all entitlements removed; 

(2) (*, obj_type, *) - no operations allowed on the given obj_type;

(Appellant's specification, paragraphs [0088]-[0090]) 

This structure is consistent with Appellant's general approach, which provides that the 
inheritance among roles is negative (i.e., restrictive). With Appellant's hierarchical 
structure, the root node residing at the top of the inheritance hierarchy is enabled for all 
functions (see e.g., Appellant's specification, paragraph [0045]). As Appellant's hierarchy
is traversed, additional restrictions are applied. For example and as shown above, three 
wildcards (*,*,*) represent that all entitlements (permissions) are removed. Barkley, in 
contrast, describes that permissions are assigned affirmatively, with a given role only 
having those specific (affirmative) permissions assigned to it. This is also another 
example illustrating the differences between Barkley's bottom-up approach and 
Appellant's top-down solution to inheritance of permissions. Thus, Barkley's teachings 
are not comparable to the limitations of Appellant's claim 17, which includes that 
negative permissions are represented as three-tuples. 
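
The negative three-tuple model with top-down, restrictive inheritance described above can be sketched as follows. This is an added illustration, not code from the brief or from Appellant's specification; the group names, operations and object identifiers are constructed, and matching on a literal `*` in any of the three positions (operation, object type, object id) is an assumption about how the wildcards are evaluated.

```python
from dataclasses import dataclass, field
from typing import Optional

WILDCARD = "*"


@dataclass
class EntitlementGroup:
    name: str
    parent: Optional["EntitlementGroup"] = None
    # Negative permissions: each tuple (operation, obj_type, obj_id) removes
    # an entitlement; "*" in a position matches any value there.
    restrictions: set = field(default_factory=set)

    def lineage(self):
        """Return [root, ..., self]; reject a parent chain that loops."""
        chain, seen, g = [], set(), self
        while g is not None:
            if id(g) in seen:
                raise ValueError("cycle in entitlement hierarchy")
            seen.add(id(g))
            chain.append(g)
            g = g.parent
        return chain[::-1]


def _matches(rule, request):
    return all(r == WILDCARD or r == q for r, q in zip(rule, request))


def denying_rules(group, operation, obj_type, obj_id):
    """List (group_name, rule) for every restriction that removes the request,
    root first, so an audit log can show where the right was taken away."""
    request = (operation, obj_type, obj_id)
    if any(not part or part == WILDCARD for part in request):
        # A request names one concrete operation on one concrete object.
        raise ValueError("request fields must be concrete values")
    hits = []
    for g in group.lineage():
        for rule in sorted(g.restrictions):
            if len(rule) != 3:
                raise ValueError(f"malformed restriction in {g.name}: {rule!r}")
            if _matches(rule, request):
                hits.append((g.name, rule))
    return hits


def is_allowed(group, operation, obj_type, obj_id):
    """The root may do everything; a group may do whatever neither it nor
    any ancestor has restricted."""
    return not denying_rules(group, operation, obj_type, obj_id)


def build_tree():
    """Constructed sample hierarchy: restrictions accumulate going down."""
    root = EntitlementGroup("root")
    back_office = EntitlementGroup("back_office", root, {("delete", "*", "*")})
    teller = EntitlementGroup(
        "teller", back_office,
        {("*", "wire", "*"), ("view", "account", "ACCT-900")})
    suspended = EntitlementGroup("suspended", teller, {("*", "*", "*")})
    return {g.name: g for g in (root, back_office, teller, suspended)}


if __name__ == "__main__":
    t = build_tree()
    print(is_allowed(t["root"], "delete", "wire", "W-1"))
    print(denying_rules(t["teller"], "delete", "wire", "W-1"))
    print(is_allowed(t["teller"], "approve", "loan", "L-1"))
```

In this sketch `is_allowed(teller, "approve", "loan", "L-1")` is true because no restriction names loans: a deny-tuple model leaves anything unrestricted allowed, so a new operation or object type is open to every group until a restriction is written, whereas an affirmative model like the quoted Barkley tuple starts closed.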

4. Conclusion

For the reasons discussed above, the combined references do not teach or suggest 
all of the claim limitations of Appellant's claims 2-3, 6, 9 and 17. Therefore, as the 
combined references do not teach or suggest all the limitations of Appellant's claims it is 
respectfully submitted that Appellant's claimed invention is distinguishable over the prior 
art and that the Examiner's rejection under Section 103 should not be sustained. 

C. Conclusion 

The present invention greatly improves the efficiency of specifying and
enforcing permissions and limits for performing financial transactions that may be used 
with banking and other financial applications. It is respectfully submitted that the present
invention, as set forth in the pending claims, sets forth a patentable advance over the art. 

In view of the above, it is respectfully submitted that the Examiner's rejection of 
Appellant's claims under 35 U.S.C. Section 103 should not be sustained. If needed, 
Appellant's undersigned attorney can be reached at 925 465 0361. For the fee due for this 
Appeal Brief, please refer to the attached Fee Transmittal Sheet. This Appeal Brief is 
submitted electronically in support of Appellant's Appeal. 

Respectfully submitted, 

Date: February 16, 2010 /G. Mack Riddle/ 

G. Mack Riddle; Reg. No. 55,572 
Attorney of Record 

925 465 0361 
925 465 8143 FAX 

8. CLAIMS APPENDIX



1. A method implemented in a computer system for specifying and enforcing
entitlements for performance of financial transactions, the method comprising: 

in a computer system having at least a processor and memory, providing a 
hierarchical entitlement structure with inheritance for specifying entitlements for 
performing financial transactions; 

receiving user input for defining a plurality of entitlement groups of said 
hierarchical entitlement structure, wherein each entitlement group has specified 
permissions to perform financial transactions, limits on performance of said financial 
transactions, and membership of each user; 

in response to a particular user request to perform a financial transaction at 
runtime, identifying the particular user's membership in a certain entitlement group; and 

determining whether to allow the particular user to perform the financial 
transaction based on permissions and limits of said hierarchical entitlement structure 
applicable to the particular user's performance of the financial transaction. 

2. The method of claim 1, wherein said hierarchical entitlement structure 
provides that a given entitlement group inherits permissions provided to its parent 
entitlement group in said hierarchical entitlement structure. 

3. The method of claim 2, wherein said step of defining a plurality of entitlement 
groups includes restricting permissions inherited by an entitlement group from its parent 
entitlement group in said hierarchical entitlement structure. 

4. The method of claim 1, wherein said step of defining a plurality of entitlement 
groups includes defining permissions to access particular objects in a financial 
application. 

5. The method of claim 4, wherein said step of defining a plurality of entitlement 
groups includes defining permissions to perform functions on said particular objects. 

6. The method of claim 4, wherein at least some of said particular objects
represent bank accounts. 

7. The method of claim 1, wherein said limits comprise limitations on values of 
financial transactions to be performed. 

8. The method of claim 1, wherein said step of defining a plurality of entitlement 
groups includes defining limits comprising a selected one of per-transaction limits and 
cumulative limits over a period of time. 

9. The method of claim 1, wherein said step of defining a plurality of entitlement 
groups includes defining permissions applying to a selected one of functions of a 
financial application and objects of a financial application. 

10. The method of claim 1, wherein said step of defining a plurality of 
entitlement groups includes defining limits applicable to individual users. 

11. The method of claim 1, wherein said step of defining a plurality of 
entitlement groups includes defining limits applicable collectively to members of an 
entitlement group. 

12. The method of claim 1, wherein said step of defining a plurality of 
entitlement groups includes defining limits applying collectively to a particular 
entitlement group and children entitlement groups of said particular entitlement group in 
said hierarchical entitlement structure. 

13. The method of claim 1, further comprising: 

tracking financial transactions performed for purposes of determining compliance 
with limits. 

14. The method of claim 13, wherein said step of tracking financial transactions
performed includes maintaining running total values of financial transactions performed 
in cache for improved performance. 

15. The method of claim 14, wherein said step of determining whether to allow 
the particular user to perform the financial transaction includes determining whether any 
limits have been exceeded based on the running total values and the value of the financial 
transaction requested by the particular user. 

16. The method of claim 1, further comprising: 

maintaining permission information for entitlement groups in the hierarchical 
entitlement structure in cache to improve system performance. 

17. The method of claim 16, wherein said permission information is modeled as 
three-tuples representing negative permissions. 

18. The method of claim 1, wherein permissions provided to an entitlement group 
include permissions to administer a certain other entitlement group. 

19. The method of claim 18, wherein permissions to administer a particular 
entitlement group include modifying permissions of said certain other entitlement group. 

20. The method of claim 18, wherein said permissions to administer a certain 
other entitlement group are subject to limitations defined for the entitlement group having 
said permissions to administer. 

21. The method of claim 1, wherein permissions provided to an entitlement group 
include permissions to extend a certain other entitlement group. 

22. The method of claim 21, wherein permissions to extend a certain other 
entitlement group include permissions to define a child entitlement group of said 
particular entitlement group.



23.-24. (Canceled) 

25. A system for specifying and enforcing entitlements for performance of 
financial transactions, the system comprising: 

a computer having at least a processor and memory; 

a hierarchical entitlement structure with inheritance for specifying entitlements 
for performing financial transactions; 

a user input module for specifying a plurality of entitlement groups of said 
hierarchical entitlement structure, wherein each entitlement group has specified 
permissions to perform financial transactions, limits on performance of said financial 
transactions, and user membership; and 

an enforcement module for determining, in response to a particular user's request 
to perform a given financial transaction at runtime, whether to allow the particular user to 
perform the financial transaction based on permissions and limits of said hierarchical 
entitlement structure applicable to the entitlement group of which the particular user is a 
member. 

26. The system of claim 25, wherein said hierarchical entitlement structure 
provides that a given entitlement group inherits permissions provided to its parent 
entitlement group in said hierarchical entitlement structure. 

27. The system of claim 26, wherein said plurality of entitlement groups includes 
a child entitlement group inheriting permissions from its parent entitlement group in said 
hierarchical entitlement structure; wherein restrictions are applied to the permissions 
inherited by such child inheritance group. 

28. The system of claim 25, wherein said permissions to perform financial 
transactions include permissions to access particular objects in a financial application. 

29. The system of claim 28, wherein said step wherein said permissions to
perform financial transactions include permissions to perform functions on said particular 
objects. 

30. The system of claim 28, wherein at least some of said particular objects 
represent bank accounts. 

31. The system of claim 25, wherein said limits comprise limitations on values of 
financial transactions to be performed. 

32. The system of claim 31, wherein limitations on values of financial 
transactions to be performed comprise a selected one of per-transaction limits and 
cumulative limits over a period of time. 

33. The system of claim 25, wherein said permissions to perform financial 
transactions include permissions applying to a selected one of functions of a financial 
application and objects of a financial application. 

34. The system of claim 25, wherein said specifying a plurality of entitlement 
groups includes specifying limits applicable to individual users. 

35. The system of claim 25, wherein said specifying a plurality of entitlement 
groups includes specifying limits applicable collectively to members of an entitlement 
group. 

36. The system of claim 25, wherein said specifying a plurality of entitlement 
groups includes specifying limits applying collectively to a particular entitlement group 
and children entitlement groups of said particular entitlement group in said hierarchical 
entitlement structure. 

37. The system of claim 25, further comprising: 

a module for tracking financial transactions performed for purposes of
determining compliance with limits. 

38. The system of claim 37, wherein said module for tracking financial 
transactions performed maintains running total values of financial transactions performed 
in cache memory of the computer. 

39. The system of claim 38, wherein said enforcement module determines 
whether to allow the particular user to perform the financial transaction based, at least in 
part, on said running total values and the value of the financial transaction requested by 
the particular user. 

40. The system of claim 25, further comprising: 

a module for maintaining permission information for entitlement groups in the 
hierarchical entitlement structure in cache memory of the computer. 

41. The system of claim 40, wherein said permission information is modeled as 
three-tuples representing negative permissions. 

42. The system of claim 25, wherein permissions provided to an entitlement 
group include permissions to administer a certain other entitlement group. 

43. The system of claim 42, wherein permissions to administer a particular 
entitlement group include modifying permissions of said certain other entitlement group. 

44. The system of claim 42, wherein said permissions to administer a certain 
other entitlement group are subject to limitations defined for the entitlement group having 
said permissions to administer. 

45. A method for defining and enforcing permissions and limits on performance 
of financial transactions in a banking system, the method comprising: 

in a banking system implemented in a computer system having at least a 
processor and memory, receiving user input defining a plurality of entitlement groups, 
wherein each entitlement group has specified users, permissions to perform financial 
transactions and limits on performance said financial transactions; 

organizing said plurality of entitlement groups into hierarchical structure with 
inheritance specifying permissions and limits for performing financial transactions; 

in response to a particular user request to perform a financial transaction in the 
banking system at runtime, identifying the particular user's membership in a certain 
entitlement group; and 

determining whether to allow the particular user to perform the financial 
transaction based on permissions and limits of said hierarchical entitlement structure 
applicable to the particular user's performance of the financial transaction. 
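
The enforcement recited in claims 32, 36 to 39 and 45 can be sketched as follows. This is an added illustration, not code from the application or from Appellant's product. The group names, the single accounting period and the inheritance semantics (a group inherits its ancestors' permissions and is bound by their limits) are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Group:
    name: str
    parent: Optional["Group"] = None
    permissions: set = field(default_factory=set)  # transaction types granted here
    per_txn_limit: Optional[float] = None           # claim 32: per-transaction limit
    cumulative_limit: Optional[float] = None        # claim 36: shared with child groups
    running_total: float = 0.0                      # claims 37-38: kept in memory

    def lineage(self):
        """Yield this group, then each ancestor up to the root."""
        g = self
        while g is not None:
            yield g
            g = g.parent

class Enforcer:
    def __init__(self):
        self.membership = {}  # user -> Group (assumed: one group per user)

    def authorize(self, user, txn_type, amount):
        """Return (allowed, reason); running totals change only on allow."""
        group = self.membership.get(user)
        if group is None or amount <= 0:  # non-positive amounts would lower totals
            return False, "no entitlement group or invalid amount"
        chain = list(group.lineage())
        if not any(txn_type in g.permissions for g in chain):
            return False, "permission not granted"
        for g in chain:  # every limit from the user's group up to the root must hold
            if g.per_txn_limit is not None and amount > g.per_txn_limit:
                return False, f"per-transaction limit of {g.name}"
            if g.cumulative_limit is not None and g.running_total + amount > g.cumulative_limit:
                return False, f"cumulative limit of {g.name}"
        for g in chain:
            g.running_total += amount
        return True, "ok"

def demo():
    # Constructed sample hierarchy: corp is the parent of clerks and managers.
    corp = Group("corp", permissions={"wire"}, cumulative_limit=10_000)
    clerks = Group("clerks", parent=corp, per_txn_limit=6_000)
    managers = Group("managers", parent=corp)
    e = Enforcer()
    e.membership.update(alice=clerks, bob=managers)
    requests = [("alice", "wire", 7_000), ("alice", "wire", 6_000),
                ("bob", "wire", 5_000), ("bob", "ach", 100), ("bob", "wire", 4_000)]
    return [e.authorize(*r) for r in requests]
```

Under concurrent requests the limit check and the running-total update must execute atomically, or two transactions can each pass the check and together exceed the cumulative limit.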

9. EVIDENCE APPENDIX 

This Appeal Brief is not accompanied by an evidence submission under §§ 1.130, 
1.131, or 1.132. 

10. RELATED PROCEEDINGS APPENDIX 

Pursuant to Appellant's statement under Section 2, this Appeal Brief is not 
accompanied by any copies of decisions. 